CVE-2017-3215

CVE-2017-3215

Vendor Milwaukee Tool
Product ONE-KEY
Weakness CWE-613 · Insufficient session expiration
Published June 20, 2017
Last update August 5, 2024

CVSS base score

What the vulnerability does

01Description

The Milwaukee ONE-KEY Android mobile application uses bearer tokens with an expiration of one year. This bearer token, in combination with a user_id can be used to perform user actions.

Key dates

02Disclosure timeline

June 20, 2017 CVE published
August 5, 2024 Record updated